Fix ynhpanel.js access in unprotected case #119
To reproduce this bug you need this :
This happen because SSOwat don't detect any cookies for
Force SSOwat to reauthenticate the user for
I tested this today and it doesnt work 100% :/ ...
Looking deeper in the code to understand the original issue, I realize that the way we handle multi-domain with the SSO is really confusing. In particular, for what I understand, one of the root cause of the issue is that we can't really check if the user is logged in when browsing
Dunno if I'm stretching this too far but I opened a discussion on the forum : https://forum.yunohost.org/t/call-for-feedback-sso-portal-in-multi-domain-context-how-should-it-work/7491
Yes it's what I understood when I worked on this issue. Considering that the user is authenticated on
I did some new test and my conclusion is that it's not possible by this way. The initial idea was to do the "cross domain authentication" in the background of the browser. The problem with this is that the cookie stored by ssowat with the parameter
So the only way to fix this case of unprotected-url is to do a redirection in foreground as same as with the protected-url.
By example one idea could be to implement this mechanism:
But yes it look like quite complex for not a big feature...
The other easy way is just to remove the